[dokuwiki] Re: Plugin captcha -
- From: Andreas Gohr <andi@xxxxxxxxxxxxxx>
- To: DokuWiki Mailinglist <dokuwiki@xxxxxxxxxxxxx>
- Date: Wed, 1 Feb 2017 18:09:14 +0100
It comes in too fast. Multiple GET and POST within 5 seconds, different
pages. Request happens 24h also. From other data I captured I know this
source. IP's changing regularly. Anyway, no matter if automated or
semi-automated. Posting a comment regularly through a browser as usual,
gives many more GET entries in the logs.
Okay. Seems to be a real problem.
In the meanwhile I'm a bit further. It seems to me that the secret string
was created by the spammer itself. This can be reproduced through a browser.
The captcha image will be created - ok, not on my site at the moment.
Something like this:
http(s)://www.example.com/lib/plugins/captcha/img.php?secret=kwD%2BIDAiJXuk2zbfbkg2cV%2Bmy8TKEI0Hs4kc%2Fwd%2Bt%2BD
creates a captcha image with letters UUDNOVKX. If you reload the page the
font changes, but not the content.
Yeah, that's correct. Meanwhile I thought a bit further, I think we
have another replay attack here. The problem is that the captcha
plugin wasn't really made for comments, but for pages. As long as the
page isn't edited and the attacker uses the same browser and IP
address, the captcha can be reused. For normal pages this doesn't
matter because after the first correct use the page was edited and a
new captcha is required.
I think about it. There will probably a new release later tonight.
Andi
--
splitbrain.org
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
Other related posts:
